vault1984 — PR & Communications Plan

Saved March 2026 — DO NOT EXECUTE until product is locked

Status: HOLD. Product must ship before any of this moves.


The core asset: "We Do Not Comply"

A formal open letter published on vault1984.com, addressed simultaneously to:

  • The Five Eyes alliance (NSA, GCHQ, CSE, ASD, GCSB)
  • The FSB (Russia)
  • The MSS (China)

Not a blog post. A letter. With the list of laws, the architecture argument, and one line: "We cannot comply. Not because we won't. Because we don't have what you're asking for."

Countries/laws to name explicitly

Authoritarian:

  • China — Network Data Security Regulations (2024), Criminal Code decryption requirements, Cryptography Law
  • Russia — Yarovaya Law (Federal Law No. 374-FZ): mandatory handover of decryption keys to FSB
  • Kazakhstan — data localization + mandatory government access
  • Vietnam — Cybersecurity Law 2019

Western democracies (no favorites):

  • USA — PATRIOT Act, CLOUD Act, FISA courts, National Security Letters with gag orders
  • UK — Investigatory Powers Act 2016 ("Snoopers' Charter"): bulk collection, compelled backdoors, Technical Capability Notices
  • Australia — TOLA Act (Assistance and Access Act 2018): compels tech companies to build decryption capabilities on demand
  • EU — Chat Control proposal: client-side scanning of encrypted messages
  • Five Eyes collectively — formally and repeatedly called for encryption backdoors

The line: Architecture doesn't discriminate by flag. FBI, FSB, MSS, GCHQ — same answer. We don't have your keys.

The Orwell connection: He was British. The UK's surveillance law is a monument to the warning he wrote.


High-value X targets

Peter Steinberger (@steipete): Founder of OpenClaw, just joined OpenAI to "bring agents to everyone." Actively amplifies tools built around OpenClaw. 5.3M views on his OpenAI announcement tweet. Not a cold pitch — engage when vault1984 is the natural answer to "my OpenClaw agent needs credentials." The connection: vault1984 is the credential layer for exactly what he's building.

Chao Huang (@huang_chao4969): CLI-Anything — "making ALL software agent-native." 11K GitHub stars in 5 days, 18.2K views on this tweet. The connection: CLI-Anything makes any software agent-controllable. Every agent controlling software needs credentials. vault1984 is the answer to the problem CLI-Anything creates at scale. Engage in the #clianything / #AIAgents threads when vault1984 ships. Natural reply, not a cold pitch.

Brian Krebs (@briankrebs): krebsonsecurity.com. Most read security journalist. Covered LastPass breach exhaustively. Pitch the LastPass page + architecture when product ships.

Troy Hunt (@troyhunt): HaveIBeenPwned.com. THE breach authority. One mention reaches every security professional. Architecture argument is his language.


Distribution plan (when ready)

Anchor

  • Publish the open letter at vault1984.com/cannot-comply
  • Simultaneously publish a /security page explaining the architecture

Press pitches

  • Wired — covered LastPass breach extensively, covers surveillance, 15M readers
  • The Intercept — built for this. Surveillance, encryption, government overreach.
  • The Register — UK audience, Investigatory Powers Act is their beat
  • EFF — don't pitch a story, pitch a partnership. Ask for formal recognition / co-sign.

X

  • One image post: governments on one side, "Your answer: We don't have your keys." Not a thread. An image. Screenshot-shareable.

YouTube (without being on camera)

  • Pitch to privacy YouTubers: Techlore, Mental Outlaw, or a security researcher channel
  • They make the video, vault1984 gets the reach

HN

  • Let it be discovered organically via the open letter, or submit as a link post (not Show HN)
  • Technical debate in comments = credibility

Long game

  • Submit architecture paper to DEF CON or Black Hat
  • If accepted: the talk reaches every security professional who matters; the YouTube recording does itself

Why this works

Every other password manager complies with government requests — because they have the keys. vault1984 structurally cannot comply. Being compelled and refusing is the proof-of-work that the claims are real.

If China sends a legal demand: publish the response. The headline writes itself. Signups spike.

Apple's San Bernardino moment made every privacy claim credible overnight. This is vault1984's equivalent — except proactive, not reactive.


Timing

Not before: Product is shipped, tested, and stable. Nailing the product is the prerequisite. Going public before the product is locked hands competitors a roadmap.

Trigger: Show HN ships and is successful. Product has paying users. Then this plan activates.


Ideas pool — parked for later

Open letter to LastPass's 33M users: "Here's what happened to your vault and why it can't happen here." Published on vault1984.com, pitched to Krebs and Troy Hunt. Facts only, sourced to FBI and TRM Labs.

Architecture comparison page: vault1984 vs. LastPass model, side by side. No opinion. Just the architecture. Devastating in its accuracy.

Bug bounty as PR: "Extract a credential from a vault1984 server. We'll pay $10,000." Mathematically impossible to win. Excellent press. Proves the claim costs nothing because nobody can collect.

The acquisition angle: LastPass is owned by Francisco Partners (PE). Architecture is broken, can't be fixed without destroying the product. 33M users hemorrhaging. Acquiring vault1984 gives them a rebuilt architecture and a redemption story. The provocation ladder (plaintiff page → open letter → architecture comparison) makes vault1984 undeniable — too credible to dismiss, too well-positioned to out-build. Acquisition becomes cheaper than watching vault1984 eat their users.

All of the above: hold until product ships and Show HN is live.


George for Johan. Hold until product ships.